Wireless adaptor and wireless gateway having built-in firewalls for secure access to instruments

ABSTRACT

An apparatus and method is disclosed for the secure access to field instruments. An interface device that includes a built-in firewall, is communicatively coupled between the device manager of an industrial automation process control system and a network of field instruments. The interface device includes at least one processor configured to execute instructions that provides a firewall for the one or more field instruments by blocking one or more user selected commands from being sent to the field instruments from the device manager.

CROSS-REFERENCE TO RELATED APPLICATION AND PRIORITY CLAIM

This application claims priority under 35 U.S.C. sctn. 119(e) to U.S.Provisional Patent Application No. 62/750,969, filed on Oct. 26, 2018,which is to hereby incorporated by reference in its entirety.

TECHNICAL FIELD

This disclosure relates generally to industrial process control andautomation systems. More specifically, this disclosure relates to awireless adaptor and wireless gateway having built-in firewalls forsecure access to instruments.

BACKGROUND

Industrial process control and automation systems are often used toautomate large and complex industrial processes. These types of systemsroutinely include various components including sensors, actuators, andprocess controllers. Some of the process controllers can receivemeasurements from the sensors and generate control signals for theactuators.

While originally viewed negatively due to actual or perceived concernsover reliability, it has become common for wireless devices to be usedfor data acquisition and monitoring functions in control and automationsystems. Data acquisition functions generally relate to capturing dataassociated with one or more industrial processes and relaying that datato one or more destinations. Monitoring functions generally relate tomonitoring the operation of one or more industrial processes in order toidentify abnormal or other conditions associated with the industrialprocesses.

SUMMARY

This disclosure provides a wireless gateway and wireless adaptorapparatus having built-in firewalls for secure access to fieldinstruments and a method for use thereof.

In a first embodiment, the apparatus includes a wireless adaptorincluding at least one interface configured to be coupled to one or morewired field devices. The wireless adaptor also includes at least onewireless radio configured to communicate over a wireless network and toreceive commands for the one or more field devices over the wirelessnetwork. The wireless adaptor further comprising of at least oneprocessor configured to execute instructions that provide a firewall forthe one or more wired field devices by blocking one or more of thecommands from being sent to the one or more wired field devices.

In a second embodiment, a method includes coupling at least oneinterface of a wireless adaptor to one or more wired field devices usingat least one wireless radio. The wireless adaptor communicating over awireless network to receive commands for the one or more wired fielddevices over the wireless network. The method further including using atleast one processor of the wireless adaptor to execute instructions thatprovide a firewall for the one or more wired field devices by blockingone or more of the commands from being sent to the one or more wiredfield devices.

In a third embodiment, the apparatus includes a wireless gatewaycomprising at least one interface configured to be coupled to one ormore networks. The wireless gateway also comprising at least onewireless radio configured to communicate over a wireless network and totransmit commands for one or more wireless field devices over thewireless network. The wireless gateway further comprising at least oneprocessor configured to execute instructions that provide a firewall forthe one or more wireless field devices by blocking one or more of thecommands from being sent to the one or more wireless field devices.

In a fourth embodiment, a method includes coupling at least oneinterface of a wireless gateway to one or more networks using at leastone wireless radio of the wireless gateway to communicate over awireless network and to transmit commands for one or more wireless fielddevices over the wireless network. The method further including using atleast one processor of the wireless gateway to execute instructions thatprovides a firewall for the one or more wireless field devices byblocking one or more of the commands from being sent to the one or morewireless field devices.

In a fifth embodiment, a non-transitory computer readable mediumcontaining instruction, that when executed by at least one processingdevice, causes at least one processing device to couple a wirelessinterface to a wireless network using at least one wireless radio and tocommunicate over the wireless network to transmit commands to one ormore field devices. The method further includes using the processor ofthe wireless interface to execute instructions that provides a firewallfor the one or more field devices by blocking one or more of thecommands from being sent to the one or more field devices.

BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of this disclosure, reference is nowmade to the following description, taken in conjunction with theaccompanying drawings, in which:

FIG. 1 illustrates an example industrial control and automation systemaccording to this disclosure; and

FIG. 2 illustrates an example device having a built-in firewall forsecure access to instruments within a wireless adaptor or wirelessgateway according to this disclosure.

FIG. 3 illustrates the WirelessHART gateway with a built-in firewall inaccordance to the present disclosure.

FIG. 4 illustrates the WirelessHART adapter with built-in firewall inaccordance to the present invention.

FIG. 5 illustrates the WirelessHART adapter connected to a handheldprogramming device in accordance to the present invention.

DETAILED DESCRIPTION

FIGS. 1 and 2, discussed below, and the various embodiments used todescribe the principles of the present invention in this patent documentare by way of illustration only and should not be construed in any wayto limit the scope of the invention. Those skilled in the art willunderstand that the principles of the invention may be implemented inany type of suitably arranged device or system.

As noted above, it has become common for wireless devices to be used fordata acquisition and monitoring functions in industrial process controland automation systems. As industrial wireless protocols are used moreand more in safety and control applications, there is a need forimplementing firewalls on various types of devices (such as wirelessnetwork adaptors and wireless network gateways) to avoid configurationchanges to field instruments when the field instruments are in use. Someof this is driven by the desire to avoid inadvertent changes to fieldinstruments. For instance, a field instrument connected to a wirelessadaptor could be accessible by a handheld device, where the handhelddevice connects to a physical wire loop in order to configure the fieldinstrument. It is possible that configuration commands sent to the fieldinstrument over the physical wire loop could be received by andreconfigure a different device. Some of this is also driven by thedesire to protect field instruments from cybersecurity threats, such asmalware. Often, industrial wireless protocols are open protocols andprovide no protection for the lowest-level devices in industrial controland automation systems, such as various types of field devices. Thesetypes of concerns are slowing the adoption of industrial wirelessprotocols in industrial settings.

This disclosure provides various architectures for wireless adaptors andwireless gateways that incorporate built-in configurable firewalls,which provide novel approaches for providing uniquecybersecurity-enabled products. With the incorporation of theconfigurable firewalls, the wireless adaptors and wireless gateways canprovide security for field instruments coupled to or communicating withthe wireless adaptors and wireless gateways. Thus, facilities that arereluctant to use wireless technologies because of security or safetyconcerns may be more likely to adopt industrial wireless solutions,which often provide for lower costs, faster deployments, and easiermaintenance compared to wired solutions. Moreover, with the increasingadoption of wireless technologies for safety and control applications invarious process industries, it may be useful or desirable to make surethe configurations of wireless devices are not changed by applications,such as asset management software. The firewall in a wireless gateway orwireless adaptor can help to filter out unintended or undesirableconfiguration change or to alert control and safety systems when aconfiguration change occurs.

FIG. 1 illustrates an example industrial control and automation system100 according to this disclosure. As shown in FIG. 1, the system 100includes one or more process elements 102. The process elements 102represent components in a process system that perform any of a widevariety of functions. For example, the process elements 102 couldrepresent sensors, actuators, or any other or additional industrialequipment in a processing environment. Each process element 102 includesany suitable structure for performing one or more functions in a processsystem. Also, a process system represents any system or portion thereofconfigured to process one or more materials in some manner.

At least one controller 104 is coupled to the process elements 102. Eachcontroller 104 controls the operation of one or more of the processelements 102. For example, the controller 104 could receive informationassociated with the process system, such as sensor measurements fromsome of the process elements 102. The controller 104 could use thisinformation to generate control signals for others of the processelements 102, such as actuators, to thereby adjust the operation ofthose process elements 102. Each controller 104 includes any suitablestructure for controlling one or more process elements 102. Eachcontroller 104 could, for example, represent a computing deviceexecuting multi-variable or other control logic.

At least one network 106 facilitates communication between variouscomponents in the system 100. For example, the network 106 maycommunicate Internet Protocol (IP) packets, frame relay frames,Asynchronous Transfer Mode (ATM) cells, or other suitable informationbetween network addresses. The network 106 may include one or more localarea networks, metropolitan area networks, wide area networks, all or aportion of a global network, or any other communication system(s) at oneor more locations.

As shown in FIG. 1, the system 100 also includes one or more wirelessnetworks for communicating with wireless sensors or other wireless fielddevices. In this example, the wireless network includes one or moreinfrastructure nodes (“I nodes”) 108 a-108 c, one or more leaf nodes 110a-110 d, and one or more gateway infrastructure nodes 112.

The infrastructure nodes 108 a-108 c and leaf nodes 110 a-110 d engagein wireless communications with each other. For example, theinfrastructure nodes 108 a-108 c may receive data transmitted over thenetwork 106 (via a gateway infrastructure node 112) and wirelesslycommunicate the data to the leaf nodes 110 a-110 d. Also, the leaf nodes110 a-110 d may wirelessly communicate data to the infrastructure nodes108 a-108 c for forwarding to the network 106 (via a gatewayinfrastructure node 112). In addition, the infrastructure nodes 108a-108 c may wirelessly exchange data with one another. In this way, thenodes 108 a-108 c, 112 (and optionally the nodes 110 a-110 d) form awireless network capable of providing wireless coverage to leaf nodesand other devices in a specified area, such as a large industrialcomplex.

In this example, the nodes 108 a-108 c and 110 a-110 d are divided intoinfrastructure nodes and leaf nodes. The infrastructure nodes 108 a-108c typically represent routing devices that can store and forwardmessages for other devices. On the other hand, the leaf nodes 110 a-110d are generally non-routing devices that do not store and forwardmessages for other devices (although they could) and include fielddevices or field instruments. Infrastructure nodes 108 a-108 c can beline-powered devices (meaning these nodes receive operating power froman external source) or powered by local power supplies (such as internalbatteries or other internal power supplies). Leaf nodes 110 a-110 dtypically represent devices powered by local power supplies. Leaf nodes110 a-110 d are often more limited in their operations, such as to helppreserve the operational life of their power supplies.

The nodes 108 a-108 c and 110 a-110 d include any suitable structuresfacilitating wireless communications, such as radio frequency (RF)frequency-hopping spread spectrum (FHSS) or direct sequence spreadspectrum (DSSS) transceivers. The nodes 108 a-108 c and 110 a-110 dcould also include other functionality, such as functionality forgenerating or using data communicated over the wireless network. Forexample, the leaf nodes 110 a-110 d could include wireless sensors usedto measure various characteristics within an industrial facility. Thesensors could collect and communicate sensor readings to the controller104 via the wireless network. The leaf nodes 110 a-110 d could alsoinclude wireless actuators that receive control signals from thecontroller 104 and that adjust the operation of the industrial facility.In this way, the leaf nodes may include or operate in a similar manneras the process elements 102 physically connected to the controller 104.The leaf nodes 110 a-110 d could further include handheld user devices(such as INTELATRAC devices from HONEYWELL INTERNATIONAL INC.), mobilestations, programmable logic controllers, process controllers, or anyother or additional devices. The infrastructure nodes 108 a-108 c, 112may also include any of the functionality of the leaf nodes 110 a-110 dor the controller 104.

The gateway infrastructure node 112 functions as an infrastructure nodeand communicates wirelessly with, transmits data to, and receives datafrom one or more infrastructure nodes and possibly one or more leafnodes. The gateway infrastructure node 112 also converts data betweenprotocol(s) used by the network 106 and protocol(s) used by the nodes108 a-108 c and 110 a-110 d. For example, the gateway infrastructurenode 112 could convert Ethernet-formatted data transported over thenetwork 106 into one of multiple wireless protocol formats used by thenodes 108 a-108 c and 110 a-110 d. The gateway infrastructure node 112could also convert data received from one or more of the nodes 108 a-108c and 110 a-110 d into Ethernet-formatted data for transmission over thenetwork 106. In addition, the gateway infrastructure node 112 couldsupport various functions, such as network creation and security, usedto create and maintain a wireless network. The gateway infrastructurenode 112 includes any suitable structure for facilitating communicationbetween components or networks using different protocols.

The system 100 here also includes one or more servers 114. Each server114 denotes a computing device that executes applications for users orother applications. The applications could be used to support variousfunctions for the controllers 106, the wireless network, or othercomponents of the system 100, such as an asset management applicationrelated to the system 100. Each server 114 could represent a computingdevice running a WINDOWS operating system or other operating system.Note that while shown as being local within the control and automationsystem 100, the functionality of the server 114 could be remote from thecontrol and automation system 100. For instance, the server 114 could becommunicatively coupled to the system 100 via at least one network 116.This may allow, for instance, the server 114 to be remote from thesystem 100. This may also allow the functionality of the server 114 tobe implemented in a computing cloud. If the server 114 is remote, agateway could be positioned between the networks 106 and 116 to restrictaccess to the system 100.

In some embodiments, at least one gateway infrastructure node 112includes a built-in firewall that can be used to protect leaf nodes 110a-110 d or other lower-level devices in the system 100. In otherembodiments, at least one leaf node 110 a-110 d (such as a wired fielddevice) can be coupled to a wireless adaptor 118 (which supportswireless communication using at least one industrial wireless networkprotocol), and the wireless adaptor 118 includes a built-in firewallthat can be used to protect the associated leaf node(s) 110 a-110 d orother lower-level device(s) in the system 100. The Wireless HighwayAddressable Remote Transducer (WirelessHART) protocol is used as anindustrial wireless network protocol by this disclosure. However, anyother or additional industrial wireless network protocols could also beused here, such as an ISA100 wireless network protocol (and the fielddevices and wireless network may or may not use the same protocol).Also, note that this disclosure is not limited to any wireless protocolor any particular wireless gateway or wireless adaptor. In general, anywireless gateway or wireless adapter when acting as a tunnel to at leastone foreign protocol (such as Modbus) can implement a similar firewallto filter out commands, parameters, registers, or other information.

Although FIG. 1 illustrates one example of an industrial control andautomation system 100, various changes may be made to FIG. 1. Forexample, the system 100 could include any number of each component.Also, the functional division shown in FIG. 1 is for illustration only.Various components in FIG. 1 could be combined, subdivided, or omittedand additional components could be added according to particular needs.Further, while the wireless network is illustrated in FIG. 1 as beingused along with a wired controller 104 and wired process elements 102,the wireless network could be used without any wired process elements orcontrollers. In addition, FIG. 1 illustrates one example operationalenvironment where built-in firewalls for secure access to instrumentscan be used in wireless gateways and wireless adaptors. Thisfunctionality can be used in any other suitable system.

FIG. 2 illustrates an example device 200 having a built-in firewall forsecure access to instruments within a wireless adaptor or wirelessgateway according to this disclosure. For ease of explanation, thedevice 200 is described as being used in the industrial control andautomation system 100 of FIG. 1. The device 200 could, for example,represent at least part of a gateway infrastructure node 112 or wirelessadaptor 118 in FIG. 1. However, the device 200 could be used in anyother suitable system and could represent any suitable device in thatsystem.

As shown in FIG. 2, the device 200 includes at least one processor 202,at least one storage device 204, at least one communications unit 206,and at least one input/output (I/O) unit 208. Each processor 202 canexecute instructions, such as those that may be loaded into a memory210. Each processor 202 denotes any suitable processing device, such asone or more microprocessors, microcontrollers, digital signalprocessors, application specific integrated circuits (ASICs), fieldprogrammable gate arrays (FPGAs), or discrete circuitry. The processor202 could execute any suitable instructions, such as those implementinga firewall as well as those implementing desired gateway/adaptorfunctionality.

The memory 210 and a persistent storage 212 are examples of storagedevices 204, which represent any structure(s) capable of storing andfacilitating retrieval of information (such as data, program code,and/or other suitable information on a temporary or permanent basis).The memory 210 may represent a random access memory or any othersuitable volatile or non-volatile storage device(s). The persistentstorage 212 may contain one or more components or devices supportinglonger-term storage of data, such as a read only memory, hard drive,Flash memory, or optical disc.

Each communications unit 206 supports communications with other systemsor devices. For example, at least one communications unit 206 couldinclude one or more wireless radios. When used in a wireless gateway112, the one or more wireless radios can be used to communicate withinfrastructure and leaf nodes 110 a-110 c. When used in a wirelessadaptor, the one or more wireless radios can be used to communicate withinfrastructure nodes 108 a-108 c and gateway infrastructure node 112.The communications unit 206 can also include at least one interface thatsupports communications over one or more wired connections, such as withone or more field instruments (in a wireless adaptor) or with one ormore data networks (in a wireless gateway). Each communications unit 206may support communications through any suitable physical or wirelesscommunication link(s).

Each I/O unit 208 allows for input and output of data. For example, theI/O unit 208 may provide a connection for user input through a keyboard,mouse, keypad, touchscreen, or other suitable input device. The I/O unit208 may also send output to a display, printer, or other suitable outputdevice. Note, however, that the use of the I/O unit 208 for local I/Omay not be needed, such as when the device 200 is accessible locally orremotely over a network connection.

The present disclosure contemplates the incorporation of a built-infirewall into a WirelessHART (Highway Addressable Remote Transducer)infrastructure gateway 112 or a WirelessHART adaptor 118. Note thatthese details relate to specific implementations for the WirelessHARTnetwork protocol and that other embodiments could differ from theseimplementations without departing from the scope of this disclosure. Forinstance, other industrial wireless network protocol(s) could be usedinstead of, or in addition to, the WirelessHART communication protocol,such as the ISA100 industrial wireless protocol.

The WirelessHART infrastructure gateway 112 acts as a wireless gatewaybetween other automation systems, controllers and asset managementsoftware, to wireless field instruments or other wireless devicesoperating under a WirelessHART communication protocol.

Wireless adaptors, such as wireless adapter 118, are wirelesscommunications equipment used to connect wired field instruments to aprocess control and automation system. The wireless adapters provide thecapability of wireless communication to wired field instrumentscontained in wired leaf node, such as leaf node 110 d. The adaptor 118provides a communication gateway, providing access to the processvariables and diagnostic information furnished by wired fieldinstruments in a leaf node and acts as a wired master to the fieldinstruments and a wireless slave to a wireless infrastructure gateway112.

Both a WirelessHART infrastructure gateway or adaptor with a built-inconfigurable firewall will secure HART instruments from anyunwanted/unauthorized write access and misconfigurations. The HART 7.0Specification has added new HART commands such Command 75, Command 84and Command 77 that enables identification of the field instrumentsoperating under the HART protocol connected to a wireless gateway oradapter, allowing for transmission of embedded commands to these fieldinstruments. The WirelessHART gateway or adapter operating under theHART 7.0 specification, provides for complete access to the process andconfiguration data to a connected field instrument including processvariables, fields instrument configurations and diagnostic/maintenanceInformation.

FIG. 3 illustrates an example of a WirelessHART infrastructure gateway312 with a built-in firewall in accordance to the present disclosure.The WirelessHART gateway 312 acts as a wireless infrastructure gatewaybetween other automation systems, controllers and asset managementsoftware, to WirelessHart field instruments 320 a-320 c or otherwireless devices or leaf nodes, such as leaf node 310, operating under aWirelessHART communication protocol. In certain applications, theWirelessHART infrastructure gateway 312 can also play the role of awireless network manager for a wireless network 100. In this capacity asa network manager the WirelessHART infrastructure gateway can overseethe operation of the wireless network and detect and report any networkfailures.

In a WirelessHART gateway 312, firewall rules are configured by a userusing a GUI (Graphical User Interface) of a web-based firewallconfiguration software 303 that can also be a part of an assetmanagement software application 301, such as Honeywell's Asset Managerapplication that monitors assets ranging from field devices to processunits. The asset management software provides an integrated supportsystem for both wired and wireless devices via a device managercomponent 302. The asset management software 301 can reside on a localserver 114 or remotely via cloud 116. The commands and data from thefirewall configuration software 303 and device manager software 302 aresent to the infrastructure gateway node 312 and its communication unit206 via controller 104 and network 106.

The firewall rules configuration is done by only a privileged user usingconfiguration access rights assigned to the privileged user. Thefirewall rules parameters are protected with a SafeKey. The SafeKey isan encrypted key based on the serial number of the gateway or adapterprovided to Admin/Privileged user of the wireless system. The privilegeduser with SafeKey executes a firewall configuration display that ispresented to the user by the GUI. The firewall configuration screenprompts the user to enter the SafeKey onto the screen. On validating ofthe SafeKey, the user is prompted to Enable/Disable the firewall. Whenthe firewall is enabled, the user is prompted to enter the ManufactureID, Device Type and Device Revision of the connected Hart fieldinstrument that will be protected. Configuration rules are nextselected, such as, “Block All HART Universal and Common Practice Writecommands”, and “Block Specific HART Universal and Common Practice Writecommands”. Next the user can select specific Block commands from a listof such commands or use a block command from Vendor specific commandsfor the field instrument that should be blocked. The block commands aresent as DD (device description) commands to the WirelessHART gateway 312via network 106 to communications unit 206 and stored in the form ofread/write parameter configuration rules 305 in an NVS (Non-VolatileStorage) device such as persistent memory 212.

When the WirelessHART gateway 312 receives a Command 77 (master commandfrom device manager 302 for sending commands to connected HART fieldinstruments), the gateway processor 202 loads the firewall configurationrules 305 along with instructions for executing firewall rules engine306 software from memory 212. The processor 202 then executes theinstructions of the firewall rule engine 306. The firewall rules enginefirst checks if the firewall is enabled or disabled. If enabled, therules engine 306 checks if the Manufacturer ID, Device Type and anyDevice revision matches a connected WirelessHART field instrument thathas firewall configured values set in the gateway. The DD read/writepackets sent from the device manager software 302 are then inspectedusing deep packet inspection (DPI) by the deep packet engine 307. Thedeep packet engine software instructions are executed by processor 202and examine the write commands sent from the device manager software302. The deep packet engine 307 examines the write commands for a BlockAll HART Universal and Common Practice Write commands, a Block SpecificHART Universal and Common Practice write commands, or any specific blockcommands from a list of vendor specific commands for the WirelessHARTfield instrument that should be blocked by the firewall. Uponencountering a block command, the deep packet engine 307 returns an“access restricted’ command 16 to the device manager 302 viacommunication unit 206 and network 106 and blocks the commands frombeing sent to the WirelessHART field instruments 320 a-320 c of leafnode 310. Only the allowed or whitelisted read/write commands areallowed to be sent via the wireless connection from the gateway 312 tothe WirelessHART field instruments 320 a-320 c of leaf node 310.

It will be well understood by those skilled in the art that thedescription of a WirelessHART gateway 312 described above is typicallyused in a wireless topology that communicates wirelessly between thegateway 312 and wireless devices in the field such as the WirelessHARTdevices 320 a-320 c. However, there are instances were field instrumentscommunicate only using a non-wireless connection, using for example,wired current loops or other wired communication protocols to connect tothe automation and control system.

A second embodiment illustrated by FIG. 4 of the present disclosure,shows an example of the installation of the components of a firewallsystem in a WirelessHART adapter 418. The adapter receives wirelessinput signals from a WirelessHART gateway 312, that is connected tonetwork 106, however, its outputs commands to HART field instruments orother HART device via a wired communication network 415 operating with aHART communication protocol.

For the WirelessHART adapter 418, firewall rules are configured by auser using a GUI (Graphical User Interface) of a web-based firewallconfiguration software 303 that can also be a part of an assetmanagement software application 301, that monitors assets ranging fromfield devices to process units. The asset management software providesan integrated support system for both wired and wireless devices via adevice manager component 302. The asset management software 301 canreside on a local server 114 or remotely via cloud 116. The commands anddata from the firewall configuration software 303 and device managersoftware 302 are sent to the infrastructure gateway node 312 and itscommunication unit 206 via controller 104 and network 106.

Firewall rules are configured by a user using a GUI (Graphical UserInterface) of a web-based firewall configuration software 303 that canalso be a part of a management software application. The commands anddata from the firewall configuration software and device managementsoftware is transmitted to the WirelessHART adapter 418 from theWirelessHART gateway 312 via one or more of its wireless radiosassociated with communication unit 206. One or more wireless radiosassociated with a communication unit 206 of the WirelessHart adapter 418receives the commands and data from the WirelessHART gateway 312

The firewall rules configuration is done by only a privileged user usingconfiguration access rights assigned to the privileged user. Thefirewall rules parameters are protected with a SafeKey. The SafeKey isan encrypted key based on the serial number of the gateway or adapterprovided to Admin/Privileged user of the wireless system. The privilegeduser with SafeKey executes a firewall configuration display that ispresented to the user by the GUI. The firewall configuration screenprompts the user to enter the SafeKey onto the screen. On validating ofthe SafeKey, the user is prompted to Enable/Disable the firewall. Whenthe Firewall is enabled, the user is prompted to enter the ManufactureID, Device Type and Device Revision of the connected Hart fieldinstrument that will be protected. Configuration rules are nextselected, such as, “Block All HART Universal and Common Practice Writecommands”, and “Block Specific HART Universal and Common Practice Writecommands”. Next the user can select specific Block commands from a listof such commands or use a block command from vendor specific commandsfor the field instrument that should be blocked. The block commands aresent as DD (device description) commands to the WirelessHart adapter 418and stored in the form of read/write parameter configuration rules in anNVS (Non-Volatile Storage) device such as persistent memory 212.

When the WirelessHART adapter 418 receives a Command 77 (master commandfor sending commands to connected HART field instruments), the adapter418 loads the firewall configuration rules 405 into a processor 202 frommemory 212 along with the instructions of the firewall rules engine 406.The processor 202 then executes the instructions of the firewall ruleengine 406. The firewall rule engine first checks if the firewall isEnabled or Disabled. If Enabled, the firewall rules engine checks if theManufacturer ID, Device Type and any Device revision matches a connectedHART instrument that has firewall configured values set in theWirelessHART adapter 418. The DD read/write packets sent from the devicemanager software 302 to the adapter 418 are then inspected using deeppacket inspection (DPI) by the deep packet engine 407. The deep packetengine 407 instructions are executed by the processor 202 and examinethe write commands sent from the device manager software 302 and looksfor, a Block All HART Universal and Common Practice Write commands, aBlock Specific HART Universal and Common Practice write commands, or anyspecific block commands from a list of vendor specific commands for thewireless field instrument that should be blocked by the firewall. Uponencountering a block command, the deep packet engine 407 returns an“access restricted’ command 16 to device manager 302 through theadapter's wireless radio of communication unit 206, to the WirelessHARTgateway 312. The blocked read/write command is prevented from being sentto the HART field instruments. Only the allowed or whitelistedread/write commands are allowed to be sent via the wired interface ofcommunication unit 206 to the wired HART loop network 415 connecting theHART field instruments 420 a-420 c and other wired field devices in leafnode 410.

It is not uncommon in a manufacturing plant using field instrument tohave plant maintenance personnel use handheld devices to connect to HARTfield instruments or other HART devices for calibration, configurationor other maintenance functions. When the plant uses HART instruments tomonitor and control critical safety and other process control systemsthere is need to protect the safety and process control system fromundesired configuration changes that may lead to an unexpected orcatastrophic shutdown of the plant. It is therefore desirable to haveany access to the HART field instrument be made via the firewall systemof a WirelessHART adapter 418.

FIG. 5 illustrates the connection of a handheld portable device 501 usedto program and configure HART field instruments. The handheld device 501is connected to a WirelessHART adapter 518 through a connection port503. The connection port 503 can be an interface of I/O unit 208, asillustrated in FIG. 2. A HART field instrument 520 is connected to theWirelessHART adapter 518 through a wired HART loop 515. This secondarymaster connection of the handheld device 501 is examined by the deeppacket engine of the firewall, as was explained in FIG. 4. If the deeppacket engine encounters a block command, the deep packet engine returnsan “access restricted’ command 16 to the handheld device 501 and analert to the device manager 302. Only the allowed or whitelistedread/write commands are allowed to be sent from the handheld device 501to the HART field instrument 520.

It would be well understood by those skilled in the art although thedisclosure has been described using the HART protocol other use casesare possible and other interactions could occur using a wireless gatewayor wireless adaptor having a built-in firewall. In addition, while onespecific mechanism for using an encryption key to validate a user isdescribed, any other suitable mechanisms can be used (regardless ofwhether they use an encryption key).

In some embodiments, various functions described in this patent documentare implemented or supported by a computer program that is formed fromcomputer readable program code and that is embodied in a computerreadable medium. The phrase “computer readable program code” includesany type of computer code, including source code, object code, andexecutable code. The phrase “computer readable medium” includes any typeof medium capable of being accessed by a computer, such as read onlymemory (ROM), random access memory (RAM), a hard disk drive, a compactdisc (CD), a digital video disc (DVD), or any other type of memory. A“non-transitory” computer readable medium excludes wired, wireless,optical, or other communication links that transport transitoryelectrical or other signals. A non-transitory computer readable mediumincludes media where data can be permanently stored and media where datacan be stored and later overwritten, such as a rewritable optical discor an erasable memory device.

It may be advantageous to set forth definitions of certain words andphrases used throughout this patent document. The terms “application”and “program” refer to one or more computer programs, softwarecomponents, sets of instructions, procedures, functions, objects,classes, instances, related data, or a portion thereof adapted forimplementation in a suitable computer code (including source code,object code, or executable code). The term “communicate,” as well asderivatives thereof, encompasses both direct and indirect communication.The terms “include” and “comprise,” as well as derivatives thereof, meaninclusion without limitation. The term “or” is inclusive, meaningand/or. The phrase “associated with,” as well as derivatives thereof,may mean to include, be included within, interconnect with, contain, becontained within, connect to or with, couple to or with, be communicablewith, cooperate with, interleave, juxtapose, be proximate to, be boundto or with, have, have a property of, have a relationship to or with, orthe like. The phrase “at least one of,” when used with a list of items,means that different combinations of one or more of the listed items maybe used, and only one item in the list may be needed. For example, “atleast one of: A, B, and C” includes any of the following combinations:A, B, C, A and B, A and C, B and C, and A and B and C.

The description in the present application should not be read asimplying that any particular element, step, or function is an essentialor critical element that must be included in the claim scope. The scopeof patented subject matter is defined only by the allowed claims.Moreover, none of the claims is intended to invoke 35 U.S.C. § 112(f)with respect to any of the appended claims or claim elements unless theexact words “means for” or “step for” are explicitly used in theparticular claim, followed by a participle phrase identifying afunction. Use of terms such as (but not limited to) “mechanism,”“module,” “device,” “unit,” “component,” “element,” “member,”“apparatus,” “machine,” “system,” “processor,” or “controller” within aclaim is understood and intended to refer to structures known to thoseskilled in the relevant art, as further modified or enhanced by thefeatures of the claims themselves, and is not intended to invoke 35U.S.C. § 112(f).

While this disclosure has described certain embodiments and generallyassociated methods, alterations and permutations of these embodimentsand methods will be apparent to those skilled in the art. Accordingly,the above description of example embodiments does not define orconstrain this disclosure. Other changes, substitutions, and alterationsare also possible without departing from the spirit and scope of thisdisclosure, as defined by the following claims.

What is claimed is:
 1. An apparatus comprising: a wireless adaptorcomprising at least one interface configured to be coupled to one ormore wired field devices; the wireless adaptor also comprising at leastone wireless radio configured to communicate over a wireless network andto receive commands for the one or more wired field devices over thewireless network; the wireless adaptor further comprising at least oneprocessor configured to execute instructions to provide a firewall forthe one or more wired field devices by blocking one or more of thecommands from being sent to the one or more wired field devices.
 2. Theapparatus of claim 1, wherein: the at least one interface is configuredto be coupled to one or more wired Highway Addressable Remote Transducer(HART) field devices; and the at least one wireless radio is configuredto use a WirelessHART wireless network protocol.
 3. The apparatus ofclaim 1, wherein the at least one processor is further configured toreceive information from a user identifying one or more rules for thefirewall.
 4. The apparatus of claim 3, wherein the one or more rulesidentify that one of: all universal and common practice write commandsare blocked; certain universal and common practice write commands areblocked; and certain vendor-specific commands are blocked.
 5. A methodcomprising: coupling at least one interface of a wireless adaptor to oneor more wired field devices; using at least one wireless radio of thewireless adaptor to communicate over a wireless network and to receivecommands for the one or more wired field devices over the wirelessnetwork; and using at least one processor of the wireless adaptor toexecute instructions for providing a firewall for the one or more wiredfield devices by blocking one or more of the commands from being sent tothe one or more wired field devices.
 6. The method of claim 5, wherein:the at least one interface is coupled to one or more wired HighwayAddressable Remote Transducer (HART) field devices; and the at least onewireless radio uses a WirelessHART wireless network protocol.
 7. Themethod of claim 5, further comprising: receiving information from a useridentifying one or more rules for the firewall.
 8. The method of claim7, wherein the one or more rules identify that one of: all universal andcommon practice write commands are blocked; certain universal and commonpractice write commands are blocked; and certain vendor-specificcommands are blocked.
 9. A non-transitory computer readable mediumcontaining instruction that, when executed by at least one processingdevice, cause the at least one processing device to couple at least oneinterface of a wireless adaptor to one or more wired field devices;using at least one wireless radio of the wireless adaptor to communicateover a wireless network and to receive commands for the one or morewired field devices over the wireless network; and using at least oneprocessor of the wireless adaptor to execute instructions for providinga firewall for the one or more wired field devices by blocking one ormore of the commands from being sent to the one or more wired fielddevices
 10. An apparatus comprising: a wireless gateway comprising atleast one interface configured to be coupled to one or more networks;the wireless gateway also comprising at least one wireless radioconfigured to communicate over a wireless network and to transmitcommands for one or more wireless field devices over the wirelessnetwork; the wireless gateway further comprising at least one processorconfigured to execute instructions that provides a firewall for the oneor more wireless field devices by blocking one or more of the commandsfrom being sent to the one or more wireless field devices.
 11. Theapparatus of claim 10, wherein the at least one wireless radio isconfigured to use a Wireless Highway Addressable Remote Transducer(WirelessHART) wireless network protocol.
 12. The apparatus of claim110, wherein the at least one processor is further configured to receiveinformation from a user identifying one or more rules for the firewall.13. The apparatus of claim 12, wherein the one or more rules identifythat one of: all universal and common practice write commands areblocked; certain universal and common practice write commands areblocked; and certain vendor-specific commands are blocked.
 14. A methodcomprising: coupling at least one interface of a wireless gateway to oneor more networks; using at least one wireless radio of the wirelessgateway to communicate over a wireless network and to transmit commandsfor one or more wireless field devices over the wireless network; andusing at least one processor of the wireless gateway to executeinstructions for providing a firewall for the one or more wireless fielddevices by blocking one or more of the commands from being sent to theone or more wireless field devices.
 15. The method of claim 14, whereinthe at least one wireless radio uses a Wireless Highway AddressableRemote Transducer (WirelessHART) wireless network protocol.
 16. Themethod of claim 14, further comprising: receiving information from auser identifying one or more rules for the firewall.
 17. The method ofclaim 16, wherein the one or more rules identify that one of: alluniversal and common practice write commands are blocked; certainuniversal and common practice write commands are blocked; and certainvendor-specific commands are blocked.
 18. A non-transitory computerreadable medium containing instruction that, when executed by at leastone processing device, cause the at least one processing device tocouple at least one interface of a wireless gateway to one or morenetworks; using at least one wireless radio of the wireless gateway tocommunicate over a wireless network and to transmit commands for one ormore wireless field devices over the wireless network; and using atleast one processor of the wireless gateway to execute instructions forproviding a firewall for the one or more wireless field devices byblocking one or more of the commands from being sent to the one or morewireless field devices.
 19. The apparatus of claim 1, wherein thewireless adaptor includes at least one I/O unit configured to be coupledto a handheld programming device; the wireless adaptor executinginstructions to provide a firewall for the one or more wired fielddevices by blocking one or more of the commands from being sent to theone or more wired field devices from the handheld programming device.